Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

Merge pull request #24121 from NixOS/fix-darwin-ssl-23605

git, openssl, curl: Respect $NIX_SSL_CERT_FILE

authored by Eelco Dolstra and committed by GitHub c7a6b5ea 72dc9c7f

+35 -3
+5 -2
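--- a/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch
+++ b/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch
@@ -1,11 +1,14 @@
 diff -ru git-2.7.4-orig/http.c git-2.7.4/http.c
 --- git-2.7.4-orig/http.c 2016-03-17 21:47:59.000000000 +0100
 +++ git-2.7.4/http.c 2016-04-12 11:38:33.187070848 +0200
-@@ -544,6 +544,7 @@
+@@ -544,6 +544,10 @@
 #if LIBCURL_VERSION_NUM >= 0x070908
 set_from_env(&ssl_capath, "GIT_SSL_CAPATH");
 #endif
-+ set_from_env(&ssl_cainfo, "SSL_CERT_FILE");
++ if (getenv("NIX_SSL_CERT_FILE"))
++ set_from_env(&ssl_cainfo, "NIX_SSL_CERT_FILE");
++ else
++ set_from_env(&ssl_cainfo, "SSL_CERT_FILE");
 set_from_env(&ssl_cainfo, "GIT_SSL_CAINFO");
 
 set_from_env(&user_agent, "GIT_HTTP_USER_AGENT");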
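Review bot: The added `if (getenv("NIX_SSL_CERT_FILE"))` test is true for a variable that is set but empty, so an empty NIX_SSL_CERT_FILE would shadow a valid SSL_CERT_FILE and hand git an empty CA path; the same set-versus-non-empty gap is in the `if (!file)` fallback of the OpenSSL by_file.c patch and the `if(!env)` fallback of the curl tool_operate.c patch. Treating empty as unset would make the three consistent, e.g. `const char *nix = getenv("NIX_SSL_CERT_FILE");` followed by `if (nix && *nix)`. The `GIT_SSL_CAINFO` line still runs afterwards, so (assuming set_from_env assigns only when the variable is set) it keeps the highest precedence; a one-line comment stating the order GIT_SSL_CAINFO > NIX_SSL_CERT_FILE > SSL_CERT_FILE would help the next reader. The enclosing function starts and ends outside the hunk.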
+1
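--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -19,6 +19,7 @@
 
 patches =
 (args.patches or [])
+++ [ ./nix-ssl-cert-file.patch ]
 ++ optional (versionOlder version "1.1.0") ./use-etc-ssl-certs.patch
 ++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch
 ++ optional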
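Review bot: `++ [ ./nix-ssl-cert-file.patch ]` is applied to every OpenSSL version built from this expression, while the entry right after it is gated with `versionOlder version "1.1.0"`. The patch's own headers name openssl-1.0.2j and a hunk at line 97 of crypto/x509/by_file.c, so it is worth confirming that it applies to each version this file builds, or gating it the same way. A short comment next to the entry saying that it makes the default certificate-file lookup honour NIX_SSL_CERT_FILE would tell readers that this changes trust-store selection for every consumer of the library.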
+14
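--- /dev/null
+++ b/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch
@@ -0,0 +1,14 @@
+diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto/x509/by_file.c
+--- openssl-1.0.2j-orig/crypto/x509/by_file.c 2016-09-26 11:49:07.000000000 +0200
++++ openssl-1.0.2j/crypto/x509/by_file.c 2016-10-13 16:54:31.400288302 +0200
+@@ -97,7 +97,9 @@
+switch (cmd) {
+case X509_L_FILE_LOAD:
+if (argl == X509_FILETYPE_DEFAULT) {
+- file = (char *)getenv(X509_get_default_cert_file_env());
++ file = (char *)getenv("NIX_SSL_CERT_FILE");
++ if (!file)
++ file = (char *)getenv(X509_get_default_cert_file_env());
+if (file)
+ok = (X509_load_cert_crl_file(ctx, file,
+X509_FILETYPE_PEM) != 0);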
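Review bot: The new lookup reads NIX_SSL_CERT_FILE with plain `getenv` inside library code, as the replaced line already did for the default variable, so any program that loads the default certificate file, including one running with elevated privileges, takes its trust anchors from the caller's environment. That predates this patch, but adding a second variable is a good moment to document it with a comment above the lookup, such as `/* Nix: NIX_SSL_CERT_FILE overrides the default cert-file variable; both come from the process environment */`. Where the platform offers it, `secure_getenv` for the new variable would ignore the environment in set-id processes. The switch statement continues outside the hunk.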
+1 -1
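--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@@ -28,7 +28,7 @@
 sha256 = "1s1hyndva0yp62xy96pcp4anzrvw6cl0abjajim17sbmdp00fwhw";
 };
 
-patches = [ ];
+patches = [ ./nix-ssl-cert-file.patch ];
 
 outputs = [ "bin" "dev" "out" "man" "devdoc" ];
 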
+14
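--- /dev/null
+++ b/pkgs/tools/networking/curl/nix-ssl-cert-file.patch
@@ -0,0 +1,14 @@
+diff -ru -x '*~' curl-7.50.3-orig/src/tool_operate.c curl-7.50.3/src/tool_operate.c
+--- curl-7.50.3-orig/src/tool_operate.c 2016-09-06 23:25:06.000000000 +0200
++++ curl-7.50.3/src/tool_operate.c 2016-10-14 11:51:48.999943142 +0200
+@@ -269,7 +269,9 @@
+capath_from_env = true;
+}
+else {
+- env = curlx_getenv("SSL_CERT_FILE");
++ env = curlx_getenv("NIX_SSL_CERT_FILE");
++ if(!env)
++ env = curlx_getenv("SSL_CERT_FILE");
+if(env) {
+config->cacert = strdup(env);
+if(!config->cacert) {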
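Review bot: Only `src/tool_operate.c` is patched, which is the curl command-line tool's start-up code, so programs that link libcurl directly are not covered by this lookup and would honour NIX_SSL_CERT_FILE only if their TLS backend does (the OpenSSL patch in this commit presumably covers that backend). A header comment in the patch file saying so, for example `Makes the curl tool prefer NIX_SSL_CERT_FILE over SSL_CERT_FILE; libcurl itself is unchanged`, would keep the commit title from being read as covering the library. The enclosing else-branch and function continue outside the hunk.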